Subrata Mazumdar wrote, On 2009-05-13 17:58: > Nelson B Bolyard wrote: >> That's strange. Your DSA test code should NOT have worked. I wonder >> how it could have worked, given that you supplied no "params".
> According to the source code > (http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCrypto.cpp#610), > > if keyParams is given, it returns error for DSA. It seems that the a > default keyparams generated for all cases. Thanks for spotting that. That's seriously brain dead. No real issuer of DSA certs would ever fail to specify the params. So, the useless case works, and the useful case fails. I'll add a note to bug 488059. > As I have said in the earlier message, I have no problem in generating > EC key-pair. I get error when I try to sign the request using the > private key. When *You* do that? Do you mean when generateCRMFRequest does that? > Since KEYGEN tag also generates signed CRMF request string, and it works > for you, I will try harder to figure out what I am doing wrong. KEYGEN generates a different format request, an SPKAC, not a CRMF request. But the crypto methods involved are similar. > The key generation dialog comes up for EC key type but no CRMF request > object is generated. Here is the HTTP message (that I have captured > using 'Live HTTP headers' add-on) that is sent to the server : > [...] > > Content-Type: application/x-www-form-urlencoded > Content-Length: 44 > EC+public+key=High+Grade&createcert=Generate > ^^^^^^^^^^ > Actual Base-64 CRMF request string should be in place of > 'High+Grade'. I get the same error for DSA key type. Interesting. > When I use the KEYGEN link for RSA key type, I see the complete Base64 > CRMF request string. SPKAC request string. Please file Bugzilla bugs on these issues. Product=Core, Component=Security:PSM -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
